Method and system to utilize advertisement fraud data for blacklisting fraudulent entities

ABSTRACT

The present disclosure provides a system for utilization of an advertisement fraud data to blacklist or whitelist one or more entities. The system includes a first step of collecting the advertisement fraud data associated with online advertisement and commerce fraud. The system includes another step of creating a blacklist of one or more entities from the collected advertisement fraud data. The system includes another step of blocking the one or more entities present in the created blacklist in real-time. The system includes another step of generating a whitelist of one or more entities from the created blacklist of the one or more entities. The system includes yet another step of optimizing the blacklist of the one or more entities in real-time.

TECHNICAL FIELD

The present disclosure relates to the field of fraud detection systems,and in particular, relates to a method and system to utilize anadvertisement fraud data to blacklist or whitelist one or more entities.

INTRODUCTION

With the advancements in technology over the last few years, users havepredominantly shifted towards smartphones for accessing multimediacontent. Nowadays, users access content through a number of applicationsavailable for download through various online application stores.Businesses (Advertisers) have started focusing on generating revenue bytargeting consumers through these applications. In addition, businesseshave started investing heavily in doing business with theseapplications. Moreover, businesses (publishers and/or advertisingnetworks) have started developing capable advertisement applications forserving advertisements through these applications. These advertisementsare published in real time or fixed placements through theseapplications and watched by the users. The advertisers are benefited interms of internet traffic generated by clicking, taking action likeinstalling or on watching these advertisements. However, certain onlinepublishers and advertising networks working with these publishers takeundue advantage of this in order to generate high revenues. These onlinepublishers and advertising networks employ fraudulent techniques inorder to generate clicks or to increase actions like increasing numberof application install for the advertisers through fraudulent means.This results in a loss of advertisers marketing budget spent as manytimes these publishers claim a normal user-initiated action (Organicaction, e.g. Organic Install) as one initiated by them or at times theclicks or application installs are not driven by humans at all andinstead by bots. There is a consistent need to stop publishers fromperforming such types of click fraud and transaction fraud.

SUMMARY

The present disclosure provides a computer system. The computer systemincludes one or more processors and a memory. The memory is coupled tothe one or more processors. The memory stores instructions. Theinstructions are executed by the one or more processors. The executionof instructions causes the one or more processors to perform a methodfor utilization of an advertisement fraud data to blacklist or whitelistone or more entities. The method includes a first step of collecting theadvertisement fraud data associated with online advertisement andcommerce fraud in real-time at a fraud detection system. The methodincludes another step of creating a blacklist of one or more entitiesfrom the collected advertisement fraud data at the fraud detectionsystem. The method includes yet another step of blocking the one or moreentities present in the created blacklist in real-time at the frauddetection system. The method includes yet another step of generating awhitelist of one or more entities from the created blacklist of the oneor more entities at the fraud detection system. The method includes yetanother step of optimizing the blacklist of the one or more entities inreal-time at the fraud detection system. The advertisement fraud data iscollected from a plurality of sources. The advertisement fraud data iscollected based on a plurality of techniques. The blacklist of the oneor more entities is created by a blacklisting system. The blacklist ofthe one or more entities is created based on a plurality of parameters.The blacklist of the one or more entities is created based on aconfidence score calculated from a plurality of reason codes. The one ormore entities are blocked based on the plurality of parameters. Theplurality of parameters includes publisher type, device ID, device type,lull period of time, validity period, traffic and IP address. Thewhitelist of the one or more entities is created by the blacklistingsystem. The whitelist of the one or more entities is created based onthe plurality of parameters. The whitelist of the one or more entitiesis created based on a scoring mechanism. The optimizing of the blacklistof the one or more entities is done for fine tuning and improvingaccuracy of the created blacklist. The optimizing is done using afeedback loop to ensure that no invalid blacklisting of the one or moreentities is done.

BRIEF DESCRIPTION OF DRAWINGS

Having thus described the invention in general terms, references willnow be made to the accompanying figures, wherein:

FIG. 1 illustrates an interactive computing environment between usersand one or more components for blacklisting or whitelisting one or moreentities performing fraud in advertisements, in accordance with variousembodiments of the present disclosure;

FIG. 2 illustrates a flow chart of a method to utilize an advertisementfraud data to blacklist or whitelist one or more entities, in accordancewith various embodiments of the present disclosure; and

FIG. 3 illustrates a block diagram of a computing device, in accordancewith various embodiments of the present disclosure.

It should be noted that the accompanying figures are intended to presentillustrations of exemplary embodiments of the present disclosure. Thesefigures are not intended to limit the scope of the present disclosure.It should also be noted that accompanying figures are not necessarilydrawn to scale.

DETAILED DESCRIPTION

In the following description, for purposes of explanation, numerousspecific details are set forth in order to provide a thoroughunderstanding of the present technology. It will be apparent, however,to one skilled in the art that the present technology can be practicedwithout these specific details. In other instances, structures anddevices are shown in block diagram form only in order to avoid obscuringthe present technology.

Reference in this specification to “one embodiment” or “an embodiment”means that a particular feature, structure, or characteristic describedin connection with the embodiment is included in at least one embodimentof the present technology. The appearance of the phrase “in oneembodiment” in various places in the specification are not necessarilyall referring to the same embodiment, nor are separate or alternativeembodiments mutually exclusive of other embodiments. Moreover, variousfeatures are described which may be exhibited by some embodiments andnot by others. Similarly, various requirements are described which maybe requirements for some embodiments but not other embodiments.

Moreover, although the following description contains many specifics forthe purposes of illustration, anyone skilled in the art will appreciatethat many variations and/or alterations to said details are within thescope of the present technology. Similarly, although many of thefeatures of the present technology are described in terms of each other,or in conjunction with each other, one skilled in the art willappreciate that many of these features can be provided independently ofother features. Accordingly, this description of the present technologyis set forth without any loss of generality to, and without imposinglimitations upon, the present technology.

FIG. 1 illustrates an interactive computing environment 100 betweenusers and one or more components for blacklisting and whitelisting oneor more entities performing fraud in advertisements, in accordance withvarious embodiments of the present disclosure. The fraud inadvertisements corresponds to click fraud, transaction fraud and thelike. The click fraud corresponds to regular or constant clicking by auser or a group of users on an advertisement in order to generate morerevenue for a publisher. The transaction fraud takes place when thepublisher applies fraudulent techniques to drive fake installs ofapplications associated with an advertiser in order to generate morerevenue. The interactive computing environment 100 shows the interactionbetween various entities for blacklisting the one or more entitiesperforming fraud in advertisements.

The advertisements are displayed in third party applications developedby application developers. The application developers are known aspublishers. The advertisements may include a graphical advertisement, avideo advertisement, a banner advertisement and the like. Theinteractive computing environment 100 shows a relationship betweenvarious entities involved in detection of fraud in the advertisements.The advertisement fraud is detected by using multiple fraud detectiontechniques.

The interactive computing environment 100 includes a plurality of users132, a plurality of devices 134, a plurality of applications 136, afraud detection system 138, a blacklisting system 140 and a plurality ofthird party fraud detection system 142. In addition, the interactivecomputing environment 100 includes a server 144 and a database 146. Eachof the components of the interactive computing environment 100 interactswith each other to enable blacklisting of one or more entitiesperforming fraud in advertisements. The interactive computingenvironment 100 aids in tackling online advertisement fraud inapplications in real time. The online advertisement fraud inapplications refers to use of fraudulent techniques by publishers togenerate fake online traffic. The online traffic is faked throughtechniques such as click fraud, transaction fraud and the like. Theclick fraud refers to the generation of fraudulent clicks through onlinebots which are not identifiable to the advertisers who treat the same asgenuine online traffic. The transaction fraud refers to enablingapplication installs by providing some kind of incentive to users inreal time or making claims of initiating the install via fake clicks andbots (as described above in the application).

In addition, a user of the plurality of users 132 is associated with acorresponding device of the plurality of devices 134. The plurality ofusers 132 are individuals or persons who access online multimediacontent on the respective plurality of devices 134. Each user of theplurality of users 132 is accessing an application of the plurality ofapplications 136 on the corresponding device of the plurality of devices134. Further, the plurality of devices 134 includes a smartphone,portable communication device, fixed communication device, laptop,desktop, PDA, palmtop, setup boxes, smart televisions and the like. Eachdevice of the plurality of devices 134 is an Internet-enabled device forallowing each user of the plurality of users 132 to access correspondingapplication of the plurality of applications 136. The plurality ofapplications 136 is used to display content to the plurality of users132. The content may include one or more publisher content, one or morevideo content and the like. The plurality of applications 136 orpublishers accessed by the plurality of users 132 may show contentrelated to interests of the plurality of users 132. In an example, theplurality of users 132 may be interested in watching online videos,reading blogs, play online games, accessing social networking sites andthe like.

The plurality of applications 136 are software applications developed bythird-party online publishers. The plurality of applications 136 areadvertisement supporting applications. The plurality of applications 136may be any type of application such as a gaming application, a utilityapplication, a service based application and the like. The plurality ofapplications 136 provides space, areas or a part of their applicationpages for advertising purposes. These areas or spaces on the applicationpages are referred to as advertisement slots. The application page canhave the various advertisement slots depending on choice of each of theplurality of applications 136. The plurality of applications 136advertises products, services or businesses to the plurality of users132 for generating revenue.

The plurality of users 132 is accessing the plurality of applications136 in real time on the corresponding plurality of devices 134. Theonline plurality of applications 136 continuously displaysadvertisements through the plurality of devices 134. The plurality ofusers 132 encounters the advertisements while accessing the plurality ofapplications 136. The advertisements may include text advertisements,video advertisements, graphic advertisements and the like. The pluralityof users 132 may click on the advertisements and re-directed to awebsite of the advertiser associated with the corresponding clickedadvertisement. The advertisements are provided by advertisers. Theadvertisers provide advertisements to the plurality of applications 136for displaying on their application. The advertisements are placed onthe advertisement slots in the plurality of applications 136.

The one or more advertisers purchase the advertisement slots from theone or more publishers. The advertisements may be served based on areal-time bidding technique or a direct contract between the advertisersand the publishers. The advertisers may provide the advertisements toadvertising networks and information associated with advertisingcampaigns. The advertisement networks enable display of theadvertisements in real time on the plurality of applications 136 onbehalf of the advertisers. The advertising networks are entities thatconnect the advertisers to websites and applications that are willing toserve advertisements.

Further, the fraud detection system 138 is associated with the pluralityof applications 136 or the publishers. The fraud detection system 138 islinked with multiple online publishers in real time. The onlinepublishers correspond to the plurality of applications 136. The frauddetection system 138 is a platform for detecting click fraud andtransaction fraud done by the online publishers in real time. The frauddetection system 138 performs the detection of fraud in theadvertisements in real time. The fraud detection system 138 employsmultiple techniques to detect fraud detection by the online publishersin real time. The fraud detection system 138 detects fraudulentadvertising traffic initiated through the plurality of applications 136.The fraud detection system 138 collects an advertisement fraud data froma plurality of sources. The plurality of sources includes the pluralityof devices 134 and the plurality of third party fraud detection system142. The advertisement fraud data is associated with onlineadvertisement and commerce fraud. Further, the fraud detection system138 collects the advertisement fraud data based on a plurality oftechniques. Furthermore, the plurality of techniques include trackingonline activity of the plurality of users 132, tracking interaction ofthe plurality of users 132 with advertisements, utilization ofhistorical data, and the like. In an example, the advertisement frauddata corresponds to fraud related data collected from the plurality ofdevices 134 associated with the plurality of users 132. In anotherexample, the advertisement fraud data corresponds to fraud related datacollected from the plurality of third party fraud detection system 142.The advertisement fraud data include application size, time to download,time to run, redirection time, click to install, click to run, userclick time, device load time and time to run. In addition, theadvertisement fraud data include time to install, network download time,application usage time, application idle time and application openingtime.

The fraud detection system 138 tracks online activity of the pluralityof users 132. Further, the fraud detection system 138 tracks interactionof the plurality of users 132 with the advertisements in real time. Thefraud detection system 138 utilizes a past set of recorded data. Thepast set of recorded data corresponds to data associated with a numberof installs and number of clicks generated through the advertisementsover a period of time. The fraud detection system 138 detects fraudulentadvertising traffic initiated through the plurality of applications 136.The fraudulent advertising traffic is referred to the traffic generatedthrough click initiation by click bots, click spamming, ad stacking andthe like.

The fraud detection system 138 determines which publishers of theplurality of applications 136 are performing fraudulent activities inreal time. The fraud detection system 138 deters, blocks or interceptsthe publishers who generate more clicks and installs through fraudulentmeans. The fraud detection system 138 may take necessary action againstpublishers who are generating revenue by fraudulent means. In addition,the fraud detection system 138 blocks the publishers who performfraudulent activities such as click spamming to simulate fake traffic.Moreover, the fraud detection system 138 alerts the advertisers aboutthe fraudulent publishers in real time. Accordingly, the advertisers maytake appropriate action against the fraudulent publishers.

In an embodiment of the present disclosure, the fraud detection system138 performs fraud detection through multiple techniques. Each techniquegenerates fraud data in real time which is utilized for blacklistingpurposes. Also, the fraud data is analyzed in real time. The frauddetection system 138 includes the blacklisting system 140. Theblacklisting system 140 creates a blacklist of the one or more entitiesthat are performing fraud in the advertisements. Also, the blacklistingsystem 140 creates the blacklist of the one or more entities based onthe collected advertisement fraud data. In addition, the blacklistingsystem 140 enables whitelisting of one or more entities determined to benot performing fraud in the advertisements. The one or more entities mayinclude publishers, ad networks and the like. The blacklisting system140 creates the blacklist of the one or more entities based on aplurality of parameters. In addition, the plurality of parametersinclude publisher type, device ID, device type, lull period of time,validity period, traffic, IP address, and the like.

Also, the blacklisting system 140 creates the blacklist of the one ormore entities based on a confidence score calculated from a plurality ofreason codes. The blacklisting system 140 blocks the one or moreentities present in the created blacklist based on the plurality ofparameters. The plurality of parameters include device IDs, IPaddresses, device types, lull period of time, publisher type, validityperiod, traffic and the like. In an embodiment of the presentdisclosure, the blacklisting system 140 has a capability of blocking anytraffic through the blacklisted devices and IP addresses in real time.In an embodiment, the confidence score is calculated based on analysisof the advertisement fraud data. The confidence score is calculated inreal time. The confidence score is calculated to detect fraud done bythe online publisher in displaying the advertisements on the pluralityof devices 134.

In an embodiment of the present disclosure, the blacklisting system 140utilizes a whitelist system. The whitelist system is used for theblacklisted items only. The blacklisting system 140 generates awhitelist of the one or more entities. The blacklisting system 140generates the whitelist of the one or more entities based on the createdblacklist of the one or more entities. In addition, the blacklistingsystem 140 generates the whitelist of the one or more entities based onthe plurality of parameters. The blacklisting system 140 utilizes ascoring mechanism for whitelisting the one or more blacklisted entities.The blacklisting system 140 whitelists or unblacklists the one or moreentities with the lowest score. The blacklisting system 140 ensures thatno over blacklisting is done and a balance is maintained. In anembodiment, the scoring mechanism scores each of the one or moreentities present in the whitelist or the blacklist. The scoringmechanism performs the scoring using past advertiser data, and currentadvertiser data. The scoring mechanism performs the scoring in realtime.

In addition, the blacklisting system 140 acts as a blacklistingoptimizer. The blacklisting system 140 blacklists the one or moreentities in real-time. The blacklisting system 140 optimizes theblacklisting of the one or more entities based on the plurality ofparameters. In an embodiment of the present disclosure, the blacklistingsystem 140 may optimize the blacklist based on a type of IP address,device type and the like. In another embodiment of the presentdisclosure, the blacklisting system 140 may optimize the blacklist basedon a type of publisher. In yet another embodiment of the presentdisclosure, the blacklisting system 140 performs a check beforeblacklisting a parameter of the plurality of parameters or combinationof the plurality of parameters. The blacklisting system 140 maycalculate and show the confidence score of the plurality of parametersbased on fit from the plurality of reason codes. In an example, if theblacklisting system 140 wants to blacklist an IP address, theblacklisting system 140 may inform a score of the IP address, abnormallyhigh frequency of installs from the IP address, IP is from a suspiciousTOR network, installs came from a lull period (say 3 am in the morning)and a suspiciously high install rate for this period of time for theparticular application and recommend to blacklist the device ID as thedevice ID has a high fraud score. In an embodiment of the presentdisclosure, the scoring is done via adding fraud score for each reasoncode of the plurality of reason codes.

The blacklisting system 140 optimizes the blacklist of the one or moreentities to fine tune and improves accuracy of the created blacklist. Inan embodiment of the present disclosure, the blacklisting system 140optimizes the blacklist of the one or more entities using a feedbackloop to ensure that no invalid blacklisting of the one or more entitiesis done. The blacklisting system 140 analyzes whether the user of theplurality of users 132 has made any engagements and any purchases postinstall. Accordingly, the blacklisting system 140 ensures that noblacklist of valid installs is possible.

In an embodiment of the present disclosure, the plurality of reasoncodes may be added together for a particular parameter of the pluralityof parameters as an overall fraud score or the confidence score. Theplurality of reason codes include click to install time, hourlydistribution, anonymous installs, organic stuffing, invalid device IDs,IP frequency and incent mixing. The plurality of reason codes enablesbetter confidence in the blacklisting of the one or more entities. In anembodiment of the present disclosure, the blacklisting optimizerutilizes weights on each above mentioned parameter of the plurality ofparameters and multiplies the same to each of the plurality of reasoncodes to normalize the results. In an embodiment of the presentdisclosure, the blacklisting system 140 determines final score oroverall fraud score based on the score for each type of fraud detectionalgorithm. The final score is used to blacklist or whitelist the one ormore entities.

In an embodiment of the present disclosure, the blacklisting system 140includes the blacklist optimizer and a whitelist optimizer. Thewhitelist optimizer tracks false positive blacklisting to ensure overblacklisting is not done. The whitelist optimizer utilizes machinelearning and artificial intelligence algorithms. The whitelist optimizeris used to train artificial intelligence to ensure that real time fraudis blocking and to handle post back. In an embodiment of the presentdisclosure, the blacklisting system 140 utilizes the scoring mechanismto rank the whitelists of the one or more entities with a score. Theblacklisting system 140 evaluates the one or more entities of thewhitelist to be most likely to be the one or more entities of theblacklist. In an embodiment of the present disclosure, the blacklistingsystem 140 adds all known good one or more entities to the whitelist toensure engagement post install or purchases within the application ofthe plurality of applications 136. In an embodiment of the presentdisclosure, the blacklisting system 140 provides an expiry to thewhitelist of the one or more entities in different countries as peoplechange phones and sometimes IP addresses are recycled. In an embodimentof the present disclosure, the blacklisting system 140 tests the one ormore entities of the blacklist to check whether the one or more entitiesof the blacklist can be now whitelisted or not.

In an embodiment of the present disclosure, the blacklisting algorithmand whitelisting algorithm provide the score in real time for confidenceif a particular parameter should be blacklisted or whitelisted. Theblacklisting system 140 auto-blacklists the parameter based upon theconfidence level or the score.

In an embodiment of the present disclosure, the blacklisting system 140performs correlation of the collected advertisement fraud data from theplurality of sources in real time. In an embodiment of the presentdisclosure, the blacklisting system 140 receives the advertisement frauddata from the fraud detection system 138 in real time. In an embodimentof the present disclosure, the blacklisting system 140 calculates theconfidence score for the advertisement fraud data generated from eachtype of fraud detection algorithm. The confidence score may be utilizedto determine a most reliable fraud detection data in order to blacklistan entity.

In an embodiment of the present disclosure, the blacklisting system 140blacklists the device IDs, the IP addresses and the like based on theconfidence score for each of the fraud detection algorithms. In anembodiment of the present disclosure, the blacklisting system 140whitelists the device IDs, the IP addresses and the like based on theconfidence score for each of the fraud detection algorithms. In anembodiment of the present disclosure, the blacklisting system 140 usesmachine learning and artificial intelligence to determine the confidencescore for all relevant fraud detection algorithms.

In an embodiment of the present disclosure, the blacklisting system 140automatically determines and finds correlations of fraud using theadvertisement fraud data from various fraud detection techniques. In anembodiment of the present disclosure, the blacklisting system 140 mayconsider the fraud data of each fraud detection technique separately forconfidence analysis. In another embodiment of the present disclosure,the blacklisting system 140 may consider the fraud data of a subset offraud detection techniques in order to determine the fraud accuratelyand blacklist the one or more entities.

In an embodiment of the present disclosure, the blacklisting system 140utilizes combination of the advertisement fraud data from each of thefraud detection algorithms. The blacklisting system 140 determineswhether to blacklist or whitelist an entity of the one or more entitiesbased on combination of the advertisement fraud data from each of thefraud detection algorithms. The blacklisting system 140 blacklists orwhitelists the one or more entities based on the combination data withgreater accuracy.

In an embodiment of the present disclosure, the blacklisting system 140blacklists or whitelists the one or more entities based on statisticalanalysis of click to install timings. In another embodiment of thepresent disclosure, the blacklisting system 140 blacklists or whiteliststhe one or more entities based on statistical analysis of installs basedupon lull periods of time. In yet another embodiment of the presentdisclosure, the blacklisting system 140 blacklists or whitelists the oneor more entities based on statistical analysis of IP addresses. In yetanother embodiment of the present disclosure, the blacklisting system140 blacklists or whitelists the one or more entities based onstatistical analysis of device IDs.

In an embodiment of the present disclosure, the blacklisting system 140is linked with the plurality of third party fraud detection system 142.The plurality of third party fraud detection system 142 corresponds tovarious third party fraud detection systems which detect fraud inadvertisements. The blacklisting system 140 collects the advertisementfraud data from the plurality of third party fraud detection system 142in real time. The blacklisting system 140 utilizes the advertisementfraud data for fine tuning the blacklists and whitelists and improvingthe accuracy of the blacklisting. The blacklisting system 140 maycompare the advertisement fraud data from the plurality of third partyfraud detection system 142 with the advertisement fraud data of thefraud detection system 138. The comparison may be used to improve theconfidence score for the blacklisting system 140.

In an embodiment of the present disclosure, the blacklisting system 140utilizes the combination of multiple fraud detection techniques in orderto blacklist or whitelist a publisher, a device ID, IP address and thelike. In an embodiment of the present disclosure, the blacklistingsystem 140 may optimize the combination of the fraud detectiontechniques for different advertisers. In an embodiment of the presentdisclosure, the blacklisting system 140 may optimize the fraud detectiontechniques based on a category of advertisers. In an embodiment of thepresent disclosure, the blacklisting system 140 may perform scoring foreach type of fraud detection technique and may blacklist or whitelist anentity of the one or more entities based on the scoring. In anembodiment of the present disclosure, the blacklisting system 140 maybuild the confidence score for each type of fraud detection techniquefor each category of advertisers.

In an embodiment of the present disclosure, the blacklisting system 140may utilize the confidence score of at least two fraud detectiontechniques to blacklist or whitelist the one or more entities displayingadvertisements. The advertisements are displayed on the plurality ofapplications 136 associated with that particular category ofadvertisers. In an embodiment of the present disclosure, theblacklisting system 140 may take into account a type of fraud detectiontechnique relevant or accurate or suitable for each advertiser based onthe plurality of parameters of the plurality of applications 136. In anembodiment of the present disclosure, the blacklisting system 140 maytake into account the past data of the advertiser. Further, theblacklisting system determines which type of fraud detection techniquecan yield best results for the advertiser and that can help inblacklisting or whitelist a publisher based on the consent of theadvertiser. In an embodiment of the present disclosure, the blacklistingsystem 140 may recommend a list of publishers or the one or moreentities that should be blacklisted or whitelisted. The recommendationmay be made based on the past advertiser data and the current advertiserdata or the mapping of both the data.

In an embodiment of the present disclosure, the blacklisting system 140may prioritize methods for fraud detection for each type or category ofthe advertiser. In addition, the blacklisting system 140 utilizes thepriority to blacklist or whitelist the advertiser. In an embodiment ofthe present disclosure, the blacklisting system 140 may utilize the dataassociated with a particular blacklisted publisher of a particularcategory to blacklist or whitelist target publishers of the samecategory. In an embodiment of the present disclosure, the blacklistingsystem 140 may use supervised machine learning and non-supervisedmachine learning. In an embodiment of the present disclosure, theblacklisting system 140 may use algorithms to intelligently adapt itselfto the continuous change in the data and related patterns.

Further, the blacklisting system 140 is linked to the server 144. In anembodiment of the present disclosure, the server 144 controls each andevery operation performed by the blacklisting system 140. The server 144includes the database 146. The database 146 may store the dataassociated with the blacklisting system 140. In an embodiment of thedisclosure, the blacklisting system 140 communicates in real time to anad server for suspected fraud cases that are at the borderline and usesactive fraud detection to confirm fraud or not.

FIG. 2 illustrates a flow chart 200 for utilization of an advertisementfraud data to blacklist or whitelist one or more entities, in accordancewith various embodiments of the present disclosure. It may be noted thatto explain the process steps of flowchart 200, references will be madeto the system elements of FIG. 1. It may also be noted that theflowchart 200 may have fewer or more number of steps.

The flowchart 200 initiates at step 202. Following step 202, at step204, the fraud detection system 138 collects the advertisement frauddata associated with online advertisement and commerce fraud inreal-time. At step 206, the fraud detection system 138 creates theblacklist of the one or more entities from the collected advertisementfraud data. At step 208, the fraud detection system 138 blocks the oneor more entities present in the created blacklist in real-time. At step210, the fraud detection system 138 generates the whitelist of the oneor more entities from the created blacklist of the one or more entities.At step 212, the fraud detection system 138 optimize the blacklist ofthe one or more entities in real-time. The flow chart 200 terminates atstep 214.

FIG. 3 illustrates a block diagram of a device 300, in accordance withvarious embodiments of the present disclosure. The device 300 is anon-transitory computer readable storage medium. The device 300 includesa bus 302 that directly or indirectly couples the following devices:memory 304, one or more processors 306, one or more presentationcomponents 308, one or more input/output (I/O) ports 310, one or moreinput/output components 312, and an illustrative power supply 314. Thebus 302 represents what may be one or more busses (such as an addressbus, data bus, or combination thereof). Although the various blocks ofFIG. 3 are shown with lines for the sake of clarity, in reality,delineating various components is not so clear, and metaphorically, thelines would more accurately be grey and fuzzy. For example, one mayconsider a presentation component such as a display device to be an I/Ocomponent. Also, processors have memory. The inventors recognize thatsuch is the nature of the art, and reiterate that the diagram of FIG. 3is merely illustrative of an exemplary device 300 that can be used inconnection with one or more embodiments of the present invention.Distinction is not made between such categories as “workstation,”“server,” “laptop,” “hand-held device,” etc., as all are contemplatedwithin the scope of FIG. 3 and reference to “computing device.”

The computing device 300 typically includes a variety ofcomputer-readable media. The computer-readable media can be anyavailable media that can be accessed by the device 300 and includes bothvolatile and nonvolatile media, removable and non-removable media. Byway of example, and not limitation, the computer-readable media maycomprise computer storage media and communication media. The computerstorage media includes volatile and nonvolatile, removable andnon-removable media implemented in any method or technology for storageof information such as computer-readable instructions, data structures,program modules or other data. The computer storage media includes, butis not limited to, RAM, ROM, EEPROM, flash memory or other memorytechnology, CD-ROM, digital versatile disks (DVD) or other optical diskstorage, magnetic cassettes, magnetic tape, magnetic disk storage orother magnetic storage devices, or any other medium which can be used tostore the desired information and which can be accessed by the device300. The communication media typically embodies computer-readableinstructions, data structures, program modules or other data in amodulated data signal such as a carrier wave or other transportmechanism and includes any information delivery media. The term“modulated data signal” means a signal that has one or more of itscharacteristics set or changed in such a manner as to encode informationin the signal. By way of example, and not limitation, communicationmedia includes wired media such as a wired network or direct-wiredconnection, and wireless media such as acoustic, RF, infrared and otherwireless media. Combinations of any of the above should also be includedwithin the scope of computer-readable media.

Memory 304 includes computer-storage media in the form of volatileand/or nonvolatile memory. The memory 304 may be removable,non-removable, or a combination thereof. Exemplary hardware devicesinclude solid-state memory, hard drives, optical-disc drives, etc. Thedevice 300 includes the one or more processors 306 that read data fromvarious entities such as memory 304 or I/O components 312. The one ormore presentation components 308 present data indications to the user orother device. Exemplary presentation components include a displaydevice, speaker, printing component, vibrating component, etc. The oneor more I/O ports 310 allow the device 300 to be logically coupled toother devices including the one or more I/O components 312, some ofwhich may be built in. Illustrative components include a microphone,joystick, gamepad, satellite dish, scanner, printer, wireless device,etc.

The foregoing descriptions of specific embodiments of the presenttechnology have been presented for purposes of illustration anddescription. They are not intended to be exhaustive or to limit thepresent technology to the precise forms disclosed, and obviously manymodifications and variations are possible in light of the aboveteaching. The embodiments were chosen and described in order to bestexplain the principles of the present technology and its practicalapplication, to thereby enable others skilled in the art to best utilizethe present technology and various embodiments with variousmodifications as are suited to the particular use contemplated. It isunderstood that various omissions and substitutions of equivalents arecontemplated as circumstance may suggest or render expedient, but suchare intended to cover the application or implementation withoutdeparting from the spirit or scope of the claims of the presenttechnology.

While several possible embodiments of the invention have been describedabove and illustrated in some cases, it should be interpreted andunderstood as to have been presented only by way of illustration andexample, but not by limitation. Thus, the breadth and scope of apreferred embodiment should not be limited by any of the above-describedexemplary embodiments.

What is claimed:
 1. A computer system comprising: one or moreprocessors; and a memory coupled to the one or more processors, thememory for storing instructions which, when executed by the one or moreprocessors, cause the one or more processors to perform a method forutilization of an advertisement fraud data to blacklist or whitelist oneor more entities, the computer system comprising: collecting, at a frauddetection system, the advertisement fraud data associated with onlineadvertisement and commerce fraud in real-time, wherein the advertisementfraud data is collected from a plurality of sources, wherein theadvertisement fraud data is collected based on a plurality oftechniques; creating, at the fraud detection system, a blacklist of oneor more entities from the collected advertisement fraud data, whereinthe blacklist of the one or more entities is created by a blacklistingsystem, wherein the blacklist of the one or more entities is createdbased on a plurality of parameters, and wherein the blacklist of the oneor more entities is created based on a confidence score calculated froma plurality of reason codes; blocking, at the fraud detection system,the one or more entities present in the created blacklist in real-time,wherein the one or more entities are blocked based on the plurality ofparameters, wherein the plurality of parameters comprises publishertype, device ID, device type, lull period of time, validity period,traffic and IP address; generating, at the fraud detection system, awhitelist of one or more entities from the created blacklist of the oneor more entities, wherein the whitelist of the one or more entities iscreated by the blacklisting system, wherein the whitelist of the one ormore entities is created based on the plurality of parameters, whereinthe whitelist of the one or more entities is created based on a scoringmechanism; and optimizing, at the fraud detection system, the blacklistof the one or more entities in real-time, wherein the optimizing of theblacklist of the one or more entities is done for fine tuning andimproving accuracy of the created blacklist, wherein the optimizing isdone using a feedback loop to ensure that no invalid blacklisting of theone or more entities is done.
 2. The computer system as recited in claim1, wherein the plurality of sources comprises a plurality of devicesassociated with a plurality of users, and a plurality of third partyfraud detection system.
 3. The computer system as recited in claim 1,wherein the advertisement fraud data comprises application size, time todownload, time to run, redirection time, click to install, click to run,user click time, device load time, time to run, time to install, networkdownload time, application usage time, application idle time andapplication opening time.
 4. The computer system as recited in claim 1,wherein the plurality of techniques comprises tracking online activityof the plurality of users, tracking interaction of the plurality ofusers with advertisements, and utilization of historical data.
 5. Thecomputer system as recited in claim 1, wherein the plurality of reasoncodes comprises at least one of click to install time, hourlydistribution, anonymous installs, organic stuffing, invalid device ID,IP frequency, and incent mixing.
 6. The computer system as recited inclaim 1, wherein the blacklisting system comprises of a blacklistoptimizer and a whitelist optimizer.
 7. The computer system as recitedin claim 1, wherein the scoring mechanism score each of the one or moreentities, wherein the scoring mechanism perform the scoring using pastadvertiser data and current advertiser data, wherein the scoringmechanism performs scoring in real time.
 8. The computer system asrecited in claim 1, wherein the confidence score is calculated based onanalysis of the advertisement fraud data, wherein the confidence scoreis calculated to detect fraud done by the online publisher in displayingadvertisements on a plurality of devices.
 9. The computer system asrecited in claim 1, wherein the advertisement fraud data collected fromthe plurality of sources is correlated with facilitation of theblacklisting system.
 10. A computer-implemented method for utilizationof an advertisement fraud data to blacklist or whitelist one or moreentities, the computer-implemented method comprising: collecting, at afraud detection system with a processor, the advertisement fraud dataassociated with online advertisement and commerce fraud in real-time,wherein the advertisement fraud data is collected from a plurality ofsources, wherein the advertisement fraud data is collected based on aplurality of techniques; creating, at the fraud detection system withthe processor, a blacklist of one or more entities from the collectedadvertisement fraud data, wherein the blacklist of the one or moreentities is created by a blacklisting system, wherein the blacklist ofthe one or more entities is created based on a plurality of parameters,and wherein the blacklist of the one or more entities is created basedon a confidence score calculated from a plurality of reason codes;blocking, at the fraud detection system with the processor, the one ormore entities present in the created blacklist in real-time, wherein theone or more entities are blocked based on the plurality of parameters,wherein the plurality of parameters comprises publisher type, device ID,device type, lull period of time, validity period, traffic and IPaddress; generating, at the fraud detection system with the processor, awhitelist of one or more entities from the created blacklist of the oneor more entities, wherein the whitelist of the one or more entities iscreated by the blacklisting system, wherein the whitelist of the one ormore entities is created based on the plurality of parameters, whereinthe whitelist of the one or more entities is created based on a scoringmechanism; and optimizing, at the fraud detection system with theprocessor, the blacklist of the one or more entities in real-time,wherein the optimizing of the blacklist of the one or more entities isdone for fine tuning and improving accuracy of the created blacklist,wherein the optimizing is done using a feedback loop to ensure that noinvalid blacklisting of the one or more entities is done.
 11. Thecomputer-implemented method as recited in claim 11, wherein theplurality of sources comprises of a plurality of devices associated witha plurality of users, and a plurality of third party fraud detectionsystem.
 12. The computer-implemented method as recited in claim 11,wherein the advertisement fraud data comprises application size, time todownload, time to run, redirection time, click to install, click to run,user click time, device load time, time to run, time to install, networkdownload time, application usage time, application idle time andapplication opening time.
 13. The computer-implemented method as recitedin claim 11, wherein the plurality of techniques comprises trackingonline activity of the plurality of users, tracking interaction of theplurality of users with advertisements, and utilization of historicaldata.
 14. The computer-implemented method as recited in claim 11,wherein the plurality of reason codes comprises at least one of click toinstall time, hourly distribution, anonymous installs, organic stuffing,invalid device ID, IP frequency, and incent mixing.
 15. Thecomputer-implemented method as recited in claim 11, wherein theblacklisting system comprises of a blacklist optimizer and a whitelistoptimizer.
 16. The computer-implemented method as recited in claim 11,wherein the scoring mechanism score each of the one or more entities,wherein the scoring mechanism perform the scoring using past advertiserdata and current advertiser data, wherein the scoring mechanism performsthe scoring in real time.
 17. The computer-implemented method as recitedin claim 11, wherein the confidence score is calculated based onanalysis of the advertisement fraud data, wherein the confidence scoreis calculated to detect fraud done by the online publisher in displayingadvertisements on a plurality of devices.
 18. The computer-implementedmethod as recited in claim 11, wherein the advertisement fraud datacollected from the plurality of sources is correlated with facilitationof the blacklisting system.
 19. A non-transitory computer-readablestorage medium encoding computer executable instructions that, whenexecuted by at least one processor, performs a method for utilization ofan advertisement fraud data to blacklist or whitelist one or moreentities, the method comprising: collecting, at a computing device, theadvertisement fraud data associated with online advertisement andcommerce fraud in real-time, wherein the advertisement fraud data iscollected from a plurality of sources, wherein the advertisement frauddata is collected based on a plurality of techniques; creating, at thecomputing device, a blacklist of one or more entities from the collectedadvertisement fraud data, wherein the blacklist of the one or moreentities is created by a blacklisting system, wherein the blacklist ofthe one or more entities is created based on a plurality of parameters,and wherein the blacklist of the one or more entities is created basedon a confidence score calculated from a plurality of reason codes;blocking, at the computing device, the one or more entities present inthe created blacklist in real-time, wherein the one or more entities areblocked based on the plurality of parameters, wherein the plurality ofparameters comprises publisher type, device ID, device type, lull periodof time, validity period, traffic and IP address; generating, at thecomputing device, a whitelist of one or more entities from the createdblacklist of the one or more entities, wherein the whitelist of the oneor more entities is created by the blacklisting system, wherein thewhitelist of the one or more entities is created based on the pluralityof parameters, wherein the whitelist of the one or more entities iscreated based on a scoring mechanism; and optimizing, at the computingdevice, the blacklist of the one or more entities in real-time, whereinthe optimizing of the blacklist of the one or more entities is done forfine tuning and improving accuracy of the created blacklist, wherein theoptimizing is done using a feedback loop to ensure that no invalidblacklisting of the one or more entities is done.